Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Executing flow template prints multiple results when using matchers #4323

Closed
tarunKoyalwar opened this issue Nov 1, 2023 · 0 comments · Fixed by #4313
Closed

Executing flow template prints multiple results when using matchers #4323

tarunKoyalwar opened this issue Nov 1, 2023 · 0 comments · Fixed by #4313
Assignees
@tarunKoyalwar
Labels
Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.

Comments

@tarunKoyalwar
Copy link
Member

Nuclei version:

Current Behavior:

id: flow-hide-matcher

info:
  name: Test HTTP Template
  author: pdteam
  severity: info
  description: In flow matcher output of previous step is hidden and only last event matcher output is shown

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: word
        words:
          - ok

  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: word
        words:
          - "Failed event"
$  nuclei -u scanme.sh -t integration_tests/flow/flow-hide-matcher.yaml 

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.0.2

		projectdiscovery.io

[INF] Current nuclei version: v3.0.2 (latest)
[INF] Current nuclei-templates version: v9.6.8 (latest)
[INF] New templates added in latest release: 79
[INF] Templates loaded for current scan: 1
[WRN] Executing 1 unsigned templates. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] Running httpx on input host
[INF] Found 1 URL from httpx
[flow-hide-matcher] [http] [info] https://scanme.sh
[INF] No results found. Better luck next time!

We get above result when we run a flow template which has matchers . as we can see it say No results Found but also prints ` a result this happens because 1st matcher was successful and second wasn't but this is a confusing behaviour for users.

Expected Behavior:

  • only print result if template executed successfully and got a result. after fixing this nuclei should not show any result as target was not vulnerable/ matched
$ ./nuclei -u scanme.sh -t integration_tests/flow/flow-hide-matcher.yaml                   130 ↵

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.0.2

		projectdiscovery.io

[INF] Current nuclei version: v3.0.2 (latest)
[INF] Current nuclei-templates version: v9.6.8 (latest)
[INF] New templates added in latest release: 79
[INF] Templates loaded for current scan: 1
[WRN] Executing 1 unsigned templates. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] Running httpx on input host
[INF] Found 1 URL from httpx
[INF] No results found. Better luck next time!

Anything else:

https://discord.com/channels/695645237418131507/700096242226692236/1167389841789550633
@tarunKoyalwar tarunKoyalwar added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Nov 1, 2023
@tarunKoyalwar tarunKoyalwar self-assigned this Nov 1, 2023
@tarunKoyalwar tarunKoyalwar mentioned this issue Nov 1, 2023
Merged
@tarunKoyalwar tarunKoyalwar linked a pull request Nov 1, 2023 that will close this issue
bug fixes in js , network protocol and flow #4313
Merged
@ehsandeep ehsandeep added the Status: Completed Nothing further to be done with this issue. Awaiting to be closed. label Nov 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tarunKoyalwar tarunKoyalwar

Labels
Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

bug fixes in js , network protocol and flow projectdiscovery/nuclei
2 participants
@ehsandeep @tarunKoyalwar